Playing with computers since age 13, time to start documenting all the wonderful things and treasures I have discovered and developed - also a blog to serve as a time-saver by not having to reinvent the wheel.


Sunday, March 26, 2017

The passage of time has always been fascinating and measuring that passage accurately is important and intellectually stimulating to me. Twice every year, during daylight savings time change, I go around the house setting every non-atomic clock to exactly the 00th second of the next minute the best I can, manually referencing a technological marvel on my wrist, a Casio Pathfinder Triple-Sensor Solar that, among numerous awesome things, synchronizes to NIST's WWVB atomic clock signal from Fort Collins, Colorado every night. I have had multiple discussions with the family about running all the clocks in the house in UTC, and actually have a fully functional binary wall-clock and a binary wrist-watch as well.

I run multiple free public Network Time Protocol (NTP) servers that help in distributing time across the world to numerous computer systems and devices. All of my internet-facing NTP servers participate in the NTP Pool Project, and the servers that serve stratum 2 time are also listed at ntp.org.

I have spent significant time locating, testing and short-listing public stratum-1 NTP servers to run my stratum-2 servers off. The remaining servers are stratum-3, with my stratum-2 servers used as time sources among others for them.

The intent of this post is to document all of my ntp.conf NTP daemon configuration files for quick recovery from any catastrophic failure and subsequent reinstallation of any of my servers.

sanyalnet-cloud-vps.freeddns.org

sanyalnet-cloud-vps.freeddns.org is a free public stratum-2 NTP server running on a CentOS 7 virtual machine in a data-center in Kitchener in Ontario, Canada, using the following /etc/ntp.conf NTP configuration file and using free public stratum-1 NTP servers as time sources.

For security, the server responds to NTP queries only when they are issued from localhost:

# ntpq -p 127.0.0.1
# ntpdc -p 127.0.0.1

The easiest way to make sure the server is serving time is to execute an ntpdate query from an external system over the internet:

Similarly, to monitor the time sources this NTP server is synchronizing time from using tshark:

# nice -n 19 ionice -c3 tshark -i ens33 -Y ntp | grep "client"

sanyalnet-cloud-vps2.freeddns.org

sanyalnet-cloud-vps2.freeddns.org is another free public stratum-2 NTP server running on a different CentOS 7 virtual machine in a data-center in Kitchener in Ontario, Canada, using this /etc/ntp.conf:

Again, for security, NTP queries work only from localhost:

# ntpq -p 127.0.0.1
# ntpdc -p 127.0.0.1
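The localhost-only query restriction described for both stratum-2 servers can be checked from the configuration file itself. The following is an added example, not the author's ntp.conf or tooling: it reads the `restrict` lines of an ntp.conf and lists the networks that may still send ntpq/ntpdc queries. The function names and both sample configurations are constructed, and it assumes ntpd 4.2.6-style semantics in which a bare `restrict default` covers IPv4 and IPv6.

```python
# Added example: list which networks an ntp.conf lets send ntpq/ntpdc queries.
import ipaddress

BLOCKS_QUERIES = {"noquery", "ignore"}   # restrict flags that refuse ntpq/ntpdc

def parse_restricts(conf_text):
    """Map each restricted network to the union of flags set for it."""
    rules = {}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = tok.pop(0) if tok[0] in ("-4", "-6") else None
        if not tok:
            continue
        addr, flags = tok[0], tok[1:]
        if flags[:1] == ["mask"] and len(flags) >= 2:
            addr, flags = addr + "/" + flags[1], flags[2:]
        if addr == "default":
            # Assumption: a bare "default" covers both families (ntpd 4.2.6+).
            nets = [n for f, n in (("-4", "0.0.0.0/0"), ("-6", "::/0"))
                    if family in (None, f)]
        else:
            nets = [addr]
        for net in nets:
            try:
                key = ipaddress.ip_network(net, strict=False)
            except ValueError:
                continue          # hostname or keyword: cannot be judged offline
            rules.setdefault(key, set()).update(flags)
    return rules

def may_query(rules, source_ip):
    """Apply the most specific matching entry to one source address."""
    ip = ipaddress.ip_address(source_ip)
    hits = [(net.prefixlen, flags) for net, flags in rules.items()
            if net.version == ip.version and ip in net]
    if not hits:
        return True               # no entry at all means no restriction
    return not (max(hits, key=lambda h: h[0])[1] & BLOCKS_QUERIES)

def query_exposure(conf_text):
    """Return every configured network that may send control queries."""
    rules = parse_restricts(conf_text)
    for default in ("0.0.0.0/0", "::/0"):      # absent default = unrestricted
        rules.setdefault(ipaddress.ip_network(default), set())
    return sorted(str(net) for net, flags in rules.items()
                  if not flags & BLOCKS_QUERIES)

# Constructed sample configurations (not taken from the servers described here).
WEAK = """
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer      # noquery is missing
restrict 127.0.0.1
"""
HARDENED = """
driftfile /var/lib/ntp/drift
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "-> queries accepted from:", query_exposure(conf))
```

A result containing only loopback entries matches the behaviour described above; `0.0.0.0/0` or `::/0` in the list means any host on the internet can query the daemon.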

To check if the NTP server is active and serving time to external hosts over the internet, execute an ntpdate query from an external system:

sanyalnet-ntp.freeddns.org

This free public NTP server is actually running on a pfSense (based on FreeBSD) virtual machine that is my primary home internet entry point serving as the first of a custom three-level internet security and unified threat management system and firewall home internet gateway. It is a free public stratum-2 NTP server. The configuration file /var/etc/ntpd.conf is created from the pfSense saved configuration, dynamically at boot time or on changing the pfSense NTP configuration via the pfSense web interface.

tshark is not included in the standard pfSense installation. To monitor NTP traffic, use tcpdump on the WAN interfaces, similar to:

nice -19 tcpdump -i em2 udp port 123 | grep " > "

You can also monitor outgoing NTP responses to external clients by filtering the tcpdump output for the word "Server". Conversely, you can monitor the time sources this server is synchronizing itself with using the filter "Client".

nice -19 tcpdump -i em2 udp port 123 | grep " > " | grep "Server"

nice -19 tcpdump -i em2 udp port 123 | grep "Client"
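On a host that serves time, a grep for "Client" matches both this server's polls to its time sources and the requests arriving from external clients, so direction has to be checked along with the mode. The following added example (not from the original post) does that over tcpdump text; it assumes numeric output (`tcpdump -n`), and the function names, addresses and sample lines are constructed.

```python
# Added example: split tcpdump NTP lines by mode AND direction.
import re
from collections import Counter

NTP_LINE = re.compile(
    r"IP6? (?P<src>\S+)\.[\w-]+ > (?P<dst>\S+)\.[\w-]+: "
    r"NTPv(?P<ver>\d), (?P<mode>Client|Server),")

def summarize(lines, local_addrs):
    """Count NTP packets per remote peer in four mode/direction buckets."""
    buckets = {name: Counter() for name in
               ("upstream_poll", "upstream_reply",
                "client_request", "client_reply")}
    for line in lines:
        m = NTP_LINE.search(line)
        if not m:
            continue                      # not a client/server NTP line
        src, dst, mode = m["src"], m["dst"], m["mode"]
        if src in local_addrs and mode == "Client":
            buckets["upstream_poll"][dst] += 1      # we ask a time source
        elif dst in local_addrs and mode == "Server":
            buckets["upstream_reply"][src] += 1     # the time source answers
        elif dst in local_addrs and mode == "Client":
            buckets["client_request"][src] += 1     # external client asks us
        elif src in local_addrs and mode == "Server":
            buckets["client_reply"][dst] += 1       # we serve time
    return buckets

def silent_sources(buckets):
    """Time sources that were polled but never answered in this capture."""
    return sorted(set(buckets["upstream_poll"]) - set(buckets["upstream_reply"]))

def unanswered_clients(buckets):
    """Clients whose requests outnumber our replies, with the shortfall."""
    return {peer: n - buckets["client_reply"][peer]
            for peer, n in buckets["client_request"].items()
            if n > buckets["client_reply"][peer]}

# Constructed capture; 192.0.2.10 stands in for the server's WAN address.
LOCAL = {"192.0.2.10"}
SAMPLE = """\
14:02:11.100001 IP 192.0.2.10.123 > 198.51.100.20.123: NTPv4, Client, length 48
14:02:11.130442 IP 198.51.100.20.123 > 192.0.2.10.123: NTPv4, Server, length 48
14:02:12.500310 IP 203.0.113.7.51234 > 192.0.2.10.123: NTPv4, Client, length 48
14:02:12.500655 IP 192.0.2.10.123 > 203.0.113.7.51234: NTPv4, Server, length 48
14:02:13.000100 IP 203.0.113.7.51234 > 192.0.2.10.123: NTPv3, Client, length 48
14:02:14.000200 IP 192.0.2.10.123 > 198.51.100.99.123: NTPv4, Client, length 48
"""

if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines(), LOCAL)
    for name, counter in result.items():
        print(name, dict(counter))
    print("silent sources:", silent_sources(result))
    print("unanswered clients:", unanswered_clients(result))
```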

Stratum-3 Free Public NTP Servers

The free public stratum-3 NTP servers I maintain, including wbri.duckdns.org, yiradio.duckdns.org etc., are Linux CentOS 7 virtual machines serving NTP usually at stratum 3 using the /etc/ntp.conf configuration file below. This NTP configuration uses my stratum-2 servers as preferred time sources, along with free public stratum-1 servers as secondary sources. If all the stratum-2 servers become unusable in this configuration, the NTP server will itself become a stratum-2 server, since it will then use only stratum-1 servers.

Solaris 11 OpenIndiana NTP Time Server

I run a hobbyist Solaris 11 OpenIndiana server inside my local area network. The NTP configuration file for Solaris 11 resides in /etc/inet/ntp.conf. Since the Solaris server is inside my LAN, it can access the other LAN-only NTP servers directly as the primary time source, including the Sophos 9 UTM and ClearOS servers that form the 2nd and 3rd layers of my 3-layer home internet security system. As mentioned before, the first layer is the internet-exposed pfSense server. Here is what I use for NTP configuration for the Solaris 11 server.

Digital DEC OpenVMS 7.3 VAX TCPIP NTP Time Server

My hobbyist OpenVMS 7.3 VAX servers QCOCAL VAXserver 3900 Series and CLOUDY VAX-11/780 run the NTP service that is included with Compaq TCP/IP Services for OpenVMS VAX Version V5.1. QCOCAL is reachable over the internet via TELNET sanyalnet-openvms-vax.freeddns.org. CLOUDY and numerous Digital machines including VAXen, PDP-11s etc. can be reached from QCOCAL over DECnet thanks to the HECnet Hobbyist DECnet project that I am very excited to be a part of.

Friday, March 17, 2017

Windows users have been using on-demand antivirus programs for decades, and every user has a favorite free or paid antivirus installed. Personally, I change my Windows antivirus program about once a year, based on the excellent metrics published at the Shadowserver Foundation.

Mac users are not far behind these days. Even though a Unix-based operating system like OS X El Capitan is inherently far more secure, the justification for installing antivirus software on Macs is that Windows-based malware can still be stored and shared on Macs. In my experience, both Avira and Sophos antivirus for Mac OS X El Capitan do commendable jobs. With mobile devices and smartphones easily outnumbering desktop and laptop computers now, Antivirus for Mobile Devices, especially Android-based smartphones, tablets and phablets, is also provided by many of the antivirus software shops now.

With the threat to computers moving away from viruses towards Trojans, malware, ransomware, adware, PUPs (Potentially Unwanted Programs) and bots like the recent Mirai running on the devices connected to your home network that make up your internet of things (IoT), just having an antivirus program that performs on-access scans is not quite enough. I regularly run a suite of on-demand scanners, all free, that troll through the memory and file systems of my computers, finding and neutralizing any threats missed by simple on-access scanners, as well as adware, malware, unwanted programs and more.

All of these malware scanning tools are on-demand, i.e. you run them periodically by manually launching them. They typically download the latest engine and definitions and perform a deep scan of your hard drives, and also provide options to clean out any malware they identify. They are all designed to be run even if you have a primary antivirus solution installed that performs real-time scans as files are accessed by the operating system.

Special mention must be made of the collection "EU Cleaner" from botfrei of Germany. They provide prepackaged bootable antivirus images that will be invaluable when you are trying to recover from an infection. For example, their Anti-Bot CD is a bootable disc image that you can create a CD from that boots into an Avira scanner environment to scan and neutralize threats on an infected PC.

Note: The text descriptions for each of these tools below contain excerpts of the manufacturer web-sites for these tools. Also, I ran some of the following tools under Sandboxie sandboxes, as indicated by sandbox names in the title-bar or yellow borders around the windows.

Avira PC Cleaner


The German antivirus company Avira Operations are known for their commercial Avira Antivirus Security Pro as well as their freely downloadable Avira Antivirus Security. Their free PC Cleaner tool is a malware scanner that works alongside other anti-malware products. It protects PCs, laptops and netbooks running Windows XP (SP3) and above. Best of all, PC Cleaner doesn’t require installation, registration or any additional drivers.

When the free Avira Free PC cleaner tool is launched, it goes and updates itself from personal.avira-update.com and then starts scanning your computer.

ClamWin: Clam Antivirus for Windows

ClamWin Free Antivirus for Windows

The open source ClamWin antivirus (www.clamwin.com) uses the ClamAV engine and is available under a GNU General Public License by the Free Software Foundation. Virus database updates are free too. ClamWin is an on-demand scanner, and does not come with any on-access real-time scanning features.

I use the underlying clam antivirus engine with the clamscan and clamdscan tools on all of my unix-derived systems, including Solaris 11 and various flavors of Linux. The maintainers of this great free malware scanner are very enthusiastic - updates and detection rates are both pretty impressive. Depending on your primary real-time on-access antivirus solution and resilience of your firewall, ClamWin does provide a very viable 2nd line of on-demand scanning defense.

Dr.Web Cureit!

Dr.Web CureIt!

Russian anti-virus Dr.Web has been around since 1992, with their flagship commercial Dr.Web Anti-Virus. Their on-demand online scanner Dr.Web Cureit! is free for private use (business use is prohibited). It allows you to choose which parts of your computer to scan - boot sector, memory, root directory, Windows system directories, documents, temporary files, and even system restore points and for rootkits. I always select all of the scanning options. Download free Dr.Web Cureit from here.

Emsisoft Emergency Kit


Austria-based Emsisoft make the interesting dual-engine Emsisoft Anti-Malware. Their Emsisoft Emergency Kit (EEK) is free for personal use and contains a collection of programs that can be used without software installation to scan for malware and clean infected computers: Emsisoft Emergency Kit Scanner and Emsisoft Commandline Scanner. The downloaded executable extracts EEK to any folder and you can run it from the folder you extracted it into, like a portable installation.

EEK has options for you to download the latest updates from Emsisoft and choose the locations to scan.

Download free Emsisoft Emergency Kit from here.

eScan Free Anti-Virus Toolkit (MWAV from MicroWorld Technologies)

MicroWorld MWAV eScanAV Anti-Virus Toolkit

eScanAV Anti-Virus Toolkit (MWAV) from Farmington Hills, MI based MicroWorld Technologies is a free utility that helps Windows users to Scan and Clean Viruses, Spyware, Adware and other Malware that have infected their computers. Their commercial offerings feature cloud security and include eScan Internet Security Suite and eScan Tablet Security.

The eScanAV Anti-Virus Toolkit (MWAV) installer reminds you to update the definitions using an Update button after installation. When I tried it, it did work, slowly but steadily downloading numerous little files anywhere between 1 KB and 200 KB each, totalling over 31MB from the mwti.net domain, followed by intense hard-disk activity presumably installing the great number of little files in their proper places.

The main interface includes an interesting "View Network Activity" button that opens another window that lists all network connections from the processes running on your Windows computer.

A "Scan and Clean" button launches the scanner in a simple minimalist but sufficient interface.

Download MicroWorld eScanAV Anti-Virus Toolkit (MWAV) free from here.

ESET Online Scanner


Slovakia-based ESET Antivirus and Internet Security Solutions, makers of the NOD32 antivirus and comprehensive internet security suites, provides an easy-to-use single scan tool that detects and removes malware that is completely free. Despite its claim of "runs from any browser", it does not run from inside my installation of Google Chrome browser. Instead, you can download an installer executable. This executable provides an on-demand online scanning and cleaning tool.

You can download free ESET Online Scanner from here.

F-Secure Online Scanner


Helsinki, Finland based F-Secure Corporation are the makers of the F-Secure Internet Security and F-Secure Mobile Security commercial antivirus software. Their free F-Secure Online Scanner gets rid of viruses and spyware on your PC, and it works even if you've already got other security software installed. F-Secure Online Scanner is easy to use with just a couple of clicks — just download and run it. It doesn't leave anything on your PC and what's more, it's completely free. Download F-Secure free online scanner from here.

herdProtect Anti-Malware Scanner


herdProtect Anti-Malware Scanner is a fast and free Windows desktop program which detects malicious threats, spyware and adware by utilizing 68 industry anti-malware scanners. It has no impact on your system resources and uses the herdProtect cloud-based scanning engine. The scanner is a second line of defense and is designed to work perfectly with your existing anti-virus software (we highly recommend you use another anti-malware product with herdProtect). Best of all, it's FREE.

HitmanPro Malware Removal Tool


SurfRight B.V. of the Netherlands, makers of HitmanPro (formerly Hitman Pro), are now owned by Sophos. They offer the commercial HitmanPro anti-virus featuring cloud-enabled behavioral malware protection. They also offer a Hitman Pro Malware Removal Tool as a secondary anti-virus scanner that you can purchase, or try out using their free 30-day trial.

The tool does go out to the internet to take advantage of its cloud support. I watched the tool dial out to hash.hitmanpro.com and cloud.hitmanpro.com.

Download Hitman Pro Malware Removal Tool from here.

Malwarebytes Anti-Malware Free


Malwarebytes is wildly popular, and since you are here, chances are you have already downloaded and run it or seen someone else run it. The tool from Santa Clara, California based Malwarebytes Corporation resides on every hard-disk I know of, does free updates to itself, the engine, and virus definitions, and scans fast and thorough. Like most other people on the planet, this is one of the chosen tools I run regularly.

The paid Malwarebytes Premium edition gets you real-time on-access protection. You can get Malwarebytes Anti-Malware Premium here.

Download Malwarebytes Antimalware Free online from here.

McAfee Security Scan Plus


Santa Clara, California based McAfee, now part of Intel Security Group, are known for their McAfee Total Protection commercial antivirus solution. They also offer free McAfee Security Scan Plus that is a diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.

In addition to one-time and on-demand scans, you can schedule an automatic periodic scan. Not entirely unexpected, the free tool encourages you with scary-looking notices to obtain and install McAfee security software. For example, if McAfee Web Protection is not installed, it will report "Online threat detected" with a "Fix it now" button that will promptly take you to their website to download and install the McAfee product.

McAfee Stinger tool


McAfee (now owned by Intel) provides a free standalone utility called "Stinger" which scans for and attempts to neutralize specific critical viruses, malware, botnets including GameOver Zeus, ransomware including CryptoLocker, rootkits and more. It is not a full-fledged malware scanner, a fact that is well-documented in their "How to Use Stinger" web page. You can configure Stinger to specify which threats it should look for using a "Threat List" configuration option.

About McAfee Real Protect

The McAfee Stinger installer also installs the beta version of their McAfee Real Protect monitor featuring "real-time behavioral detection technology that monitors and remediates suspect processes which exhibit malicious behavior."

Learn more about McAfee Stinger and download for free here.

Microsoft Windows Defender Offline Scanner Tool (mssstool)

Microsoft Windows Defender Offline Scanner Tool

If you are using Microsoft Windows Defender that is included with Windows as your antivirus security solution, you already have the Windows Defender Offline Scanner tool installed and ready.

To get to it from the Windows Start button, choose the Settings gearbox icon just above the power icon from the bottom left corner of the Windows Start menu, and navigate to "Update and Security", then "Windows Defender" and scroll down.

The tool will take about 15 minutes to scan for malware and will reboot your computer according to the description in the launcher menu itself.

Microsoft Windows Defender Offline Malware Scanner Tool Launcher

The tool can also be downloaded from the Microsoft website and run stand alone even if you do not use Microsoft Windows Defender. You will need a USB stick or a CD/DVD burner connected to create a boot device to boot from and launch a scan:

MSERT: Microsoft Safety Scanner


Microsoft's free Safety Scanner (msert.exe) works as a 2nd-level scanner in addition to your primary real-time on-access antivirus. The Safety Scanner can work alongside Microsoft Security Essentials real-time on-access antivirus solution. The scanner has an expiration of 10 days from download, and you will have to download it again if you want to run it again after expiration.

Download Microsoft Safety Scanner free online here.

Panda Cloud Cleaner


Like herdProtect, Panda Security from Bilbao, Spain also take a cloud-based approach to malware scanning with their free Panda Cloud Cleaner tool. Panda also offers a commercial security suite called Panda Antivirus Pro.

The free Panda Cloud Cleaner is an advanced disinfector based on Collective Intelligence (scanning in-the-cloud) that detects malware that traditional security solutions cannot detect. Your drive is scanned and your files are checked for viruses and malware over your internet connection with Panda's databases. When I ran Panda Cloud Cleaner, I could see significant octet-stream traffic to http://cache2.pandasecurity.com.

Panda Free Antivirus has been consistently among the best free security products around for a few years. It is among my antivirus products of choice along with Avira, Ad-Aware and Avast, with the charts at shadowserver guiding me on which one to deploy every few months or so.

SecureAPlus

SecureAPlus Antivirus and Application Control

SecureAPlus is another cloud-based antivirus and application-control PC security solution you can download for free that combines more than 10 of the best antivirus engines in the cloud with easy-to-use yet powerful application control and white-listing. Also usable as a second line of defense, it is compatible with other antivirus, anti malware & other security applications.

Offered as a "freemium" product, the first 12 months of use are free, after which it costs $2 per month.

The installation options of SecureAPlus do not have the "Offline Antivirus" option checked by default; do not forget to check it if you want to use only its offline scanning features. "Application Whitelisting" and "Universal AV" are checked by default and grayed out in the installation options - you have to install those options.

Sophos Virus Removal Tool


I am a big fan of Sophos of Abingdon, UK having had great success in using many of their products. Their new Sophos XG firewall is among the best out there. Sophos UTM 9 free personal edition has formed the middle layer of my 3-layer firewall for many years now. I also have their free Sophos Antivirus for Linux and Unix Systems or Sophos Home for MacOS X installed on all computers in the house. Sophos Home for Windows is also offered by them, free for personal use. Their prebuilt Sophos UTM hardware firewalls are among the best out there.

The free Sophos Virus Removal Tool uses cutting edge technology found in their enterprise-grade software and detects all types of malicious software on your computer - including viruses, spyware, rootkits and Conficker, and returns it to a working state. The tool has direct access to virus data from SophosLabs, their global network of threat researchers, ensuring that even the very latest viruses are detected and removed. It works alongside any existing antivirus. You can download free Sophos Virus Removal Tool from here.

SUPER AntiSpyware Free Edition

SUPERAntiSpyware Free Edition

SUPERAntiSpyware is consistently among the most popular and beloved offline malware scanners around for a while, and one of the chosen few tools I run regularly. The Redwood City, California-based makers are led by Nick Skrepetos. Apparently SUPERAntiSpyware was taken over by Support.com in 2011, according to their web-site.

SUPER AntiSpyware promises to detect and neutralize a myriad of threats including "spyware, adware, malware, trojans, dialers, worms, keyloggers, hijackers, parasites, rootkits, rogue security products and many other types of threats." If you ask it to, it updates itself at startup and does a free, fast and reliable job of keeping your Windows PC clean.

Among other free offerings, Trend Micro also offers RUBotted that monitors your network for potential infection and suspicious activities associated with bots. Bots are malicious files that enable cybercriminals to secretly take control of your computer. Incidentally, I maintain a list of external IP Addresses from which connections with the MIRAI botnet signature are originating all the time in my MIRAI IP BLOCKLIST.

Upon discovering a potential infection, RUBotted will identify and clean it with HouseCall. Protect your system by continuously monitoring your computer for potential infection and suspicious activities with RUBotted. Download RUBotted free from Trend Micro here.

VIPRE Rescue Free Virus Removal Tool

VIPRE Rescue Scanner Free Virus Removal Tool

I have a huge preference for any tool like the free VIPRE Rescue tool from Clearwater, Florida-based ThreatTrack Security (makers of the VIPRE Internet Security suite) that works close to bare metal with no fancy graphical interfaces, runs in a command shell in text mode and under Safe Mode. As expected from any true rescue tool, the authors of this tool actually encourage running it on an infected computer (after it is infected). In that sense, it is not a pre-emptive malware scanner as much as a powerful tool to get your PC back on its feet again after being hit by a malware security breach.

You download the tool (300 MB!) on to an infected computer, reboot into Safe Mode and run it. It ships in the form of a regular self-extracting ZIP file that unzips itself and launches in a command prompt window.

To learn how to boot your Windows 10 PC in Safe Mode, refer to the Microsoft article "Start your PC in safe mode in Windows 10".

Download VIPRE Rescue Free virus removal tool from here.

Zemana AntiMalware Free


I have been regularly using Zemana AntiMalware from Turkey-based Zemana Ltd. from its inception and have had great success with it to keep my computers malware threat-free.

Zemana is a cloud-based freemium product that scans and eliminates threats on-demand for free, with the paid product providing real-time protection. It features a bootkit and rootkit remediator that effectively detects and removes deep embedded rootkits and bootkits, a browser cleanup service that removes annoying browser add-ons, unwanted apps and toolbars and is an efficient adware cleaner, and offers protection from ransomware and zero-day threats. The cloud-based threat lookup is implemented via linking up with zamcloud.zemana.com.